Canada Kicks Ass
Petya ransomware attacks the world - thank you, NSA!




BRAH @ Tue Jun 27, 2017 3:11 pm

BartSimpson BartSimpson:
BRAH BRAH:
Or stay off the internet. :roll:


Probably not a bad idea today.

Stay off Porn Hub too...............so I've heard.

   



DrCaleb @ Wed Jun 28, 2017 6:07 am

The German company whose email service the hackers were using to communicate with victims blocked that account. So, even if you pay the ransom, you won't be able to get the key to unlock your files.

Assuming the hackers ever intended to give out keys.

Moral of the story: don't get infected. If you do, the only way out is to format your machine and restore from backup.

   



DrCaleb @ Wed Jun 28, 2017 7:46 am

Microsoft has a good writeup and analysis:

https://blogs.technet.microsoft.com/mmp ... abilities/

   



Tricks @ Wed Jun 28, 2017 7:58 am

DrCaleb DrCaleb:
The German company whose email service the hackers were using to communicate with victims blocked that account. So, even if you pay the ransom, you won't be able to get the key to unlock your files.

Assuming the hackers ever intended to give out keys.

Moral of the story: don't get infected. If you do, the only way out is to format your machine and restore from backup.

That was a dumb move. The attackers have generally unlocked the computers, because if they don't, no one will ever pay. So why block the channel that allows for this? I know people who have had to deal with ransomware attacks through my school; one of the professors was called in to help. The hackers have better customer service than 99% of the companies you deal with on a daily basis.

   



Tricks @ Wed Jun 28, 2017 8:05 am

BartSimpson BartSimpson:
The ransomware spreads via SMBv1 and the first recommendation is to disable SMBv1 on your firewalls if possible.

Also confirmed is that the ransomware uses the EXTERNAL BLUE exploit that was leaked from the NSA. :evil:

I assume you mean Eternal Blue?

So the same exploit that was used a month and a half ago, that was patched three months before that.

Can't say I have a lot of sympathy. The first one I can let go because most businesses have shit patch timelines. The second hit is inexcusable, they completely ignored the last attacks. People should be fired over this.

   



DrCaleb @ Wed Jun 28, 2017 8:11 am

Tricks Tricks:
That was a dumb move. The attackers have generally unlocked the computers, because if they don't, no one will ever pay. So why block the channel that allows for this? I know people who have had to deal with ransomware attacks through my school, one of the professors was called in to help. The hackers have better customer service than 99% of the companies you deal with on a daily basis.


Because you have to stop that channel for getting paid, or these attacks will continue and get worse. The business model must be broken before it becomes the new normal.

I would love to see a 'White Hat' hacker release one of these trojans that encrypts your documents, accepts payment, then does not deliver the keys. One finger, two words. People then might start being a little more careful.

   



Tricks @ Wed Jun 28, 2017 8:34 am

DrCaleb DrCaleb:
Because you have to stop that channel for getting paid, or these attacks will continue and get worse. The business model must be broken before it becomes the new normal.
They'll just use a new channel. All they did was fuck over the victims for sure in this attack.
Quote:
I would love to see a 'White Hat' hacker release one of these trojans that encrypts your documents, accepts payment, then does not deliver the keys. One finger, two words. People then might start being a little more careful.

Clearly not, considering they ignored the last one entirely.

   



DrCaleb @ Wed Jun 28, 2017 8:54 am

Tricks Tricks:
DrCaleb DrCaleb:
Because you have to stop that channel for getting paid, or these attacks will continue and get worse. The business model must be broken before it becomes the new normal.
They'll just use a new channel. All they did was fuck over the victims for sure in this attack.


I'd argue the victims were already fucked. Only the ransomers got fucked this time too.

Tricks Tricks:
Quote:
I would love to see a 'White Hat' hacker release one of these trojans that encrypts your documents, accepts payment, then does not deliver the keys. One finger, two words. People then might start being a little more careful.

Clearly not, considering they ignored the last one entirely.


This one is spread through no fault of the user, as Eternal Blue uses the SMB protocols as an attack vector and steals domain credentials among other things.

But with the last one, businesses paid a lot of ransom to get their files back. Businesses that decided it was cheaper to skimp on IT and pay the ransom rather than to protect themselves in the first place.

The lengths we go to around here to protect ourselves isn't even enough. We sometimes get hit with ransomware, because some employee clicks on something that is obviously a trap. But when we have to spend many man hours to fix the problem and restore service, the employee learns that their employment hinges on them being more careful. And they don't do it again.

That's what the rest of the world needs to learn. Computers aren't new anymore. You can't grow up and get a job now without having to learn the basics about a computer, like when I was growing up. People learnt that you don't pay a crack whore $20 for sex and not receive serious consequences.

Same needs to be taught about the internet. And perhaps a few people need to lose all the selfies they took in order to learn that lesson. It's inconvenient. But having hospitals knocked offline by ransomware crosses the line from inconvenient to life threatening.

   



BartSimpson @ Wed Jun 28, 2017 8:59 am

Tricks, you're right that the correct name is 'Eternal Blue' yet EXTERNAL BLUE is being used on several FOUO documents.

Makes me wonder if they're two separate things.

   



Tricks @ Wed Jun 28, 2017 9:44 am

DrCaleb DrCaleb:
I'd argue the victims were already fucked. Only the ransomers got fucked this time too.
Except they removed the possibility of unfucking themselves.

Also that's a really fun line of sentences we just created.

Tricks Tricks:
This one is spread through no fault of the user, as Eternal Blue uses the SMB protocols as an attack vector and steals domain credentials among other things.
Right, but that was patched in March by Microsoft in MS17-010. Literally anyone running that patch should not be affected. You can also block port 445 (which should be done anyway) or, like bartman said earlier, disable SMBv1. None of the above was done.

Quote:
The lengths we go to around here to protect ourselves isn't even enough. We sometimes get hit with ransomware, because some employee clicks on something that is obviously a trap. But when we have to spend many man hours to fix the problem and restore service, the employee learns that their employment hinges on them being more careful. And they don't do it again.
I agree 100%, people are morons and will break things given the chance, but that's why if companies enact proper compliance policies they get hit way less, and way less hard.
Quote:
Same needs to be taught about the internet. And perhaps a few people need to lose all the selfies they took in order to learn that lesson. It's inconvenient. But having hospitals knocked offline by ransomware crosses the line from inconvenient to life threatening.

I've said it before, the best anti-virus is common sense. Don't click on fucking everything and chances are you won't get broken.
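The post above names three mitigations for this worm: apply MS17-010, block TCP/445, and disable SMBv1. The following PowerShell audit-and-remediate script is an added example, not code from the thread or from Microsoft; it assumes an elevated session on Windows 8.1/Server 2012 R2 or later, and the KB list is a placeholder because MS17-010 ships under a different KB number per OS build.

```powershell
# Added example (not from the thread): audit a Windows host for the three
# mitigations named above -- MS17-010 applied, SMBv1 disabled, TCP/445 blocked.
# Run in an elevated PowerShell session on Windows 8.1/2012 R2 or later.

# MS17-010 ships under a different KB number per OS build; fill this list in
# from the Microsoft bulletin for the builds you manage (placeholder values).
$Ms17010Kbs = @('KB-PLACEHOLDER-1', 'KB-PLACEHOLDER-2')

function Test-Ms17010 {
    # Get-HotFix lists standalone updates; on Windows 10 a later cumulative
    # update supersedes the original KB, so a $false here needs a manual check.
    $installed = Get-HotFix -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty HotFixID
    foreach ($kb in $Ms17010Kbs) { if ($installed -contains $kb) { return $true } }
    return $false
}

function Test-Smb1Disabled {
    # Server-side switch: EnableSMB1Protocol is $false once SMBv1 is turned off.
    $cfg = Get-SmbServerConfiguration
    return (-not $cfg.EnableSMB1Protocol)
}

function Test-Port445Blocked {
    # Look for any enabled inbound block rule covering TCP/445.
    $rules = Get-NetFirewallRule -Direction Inbound -Action Block -Enabled True `
        -ErrorAction SilentlyContinue
    foreach ($r in $rules) {
        $pf = $r | Get-NetFirewallPortFilter
        if ($pf.Protocol -eq 'TCP' -and ($pf.LocalPort -contains '445')) { return $true }
    }
    return $false
}

$report = [ordered]@{
    'MS17-010 installed' = Test-Ms17010
    'SMBv1 disabled'     = Test-Smb1Disabled
    'TCP/445 blocked'    = Test-Port445Blocked
}
$report.GetEnumerator() | ForEach-Object { '{0,-20} {1}' -f $_.Key, $_.Value }

# Remediation for the two settings an admin controls locally. -WhatIf only
# shows the change; drop it to enforce.
if (-not (Test-Smb1Disabled)) {
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force -WhatIf
}
if (-not (Test-Port445Blocked)) {
    New-NetFirewallRule -DisplayName 'Block inbound SMB (TCP 445)' -Direction Inbound `
        -Protocol TCP -LocalPort 445 -Action Block -Profile Any -WhatIf
}
```

Blocking 445 on the host firewall stops lateral SMB entry but also breaks file sharing to that machine, so scope the rule to the profiles where SMB is not needed before dropping -WhatIf.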

   



Tricks @ Wed Jun 28, 2017 9:44 am

BartSimpson BartSimpson:
Tricks, you're right that the correct name is 'Eternal Blue' yet EXTERNAL BLUE is being used on several FOUO documents.

Makes me wonder if they're two separate things.

Typo probably that no one has bothered to fix or correct. I can't find anything called external blue.

   



DrCaleb @ Wed Jun 28, 2017 10:04 am

Tricks Tricks:
DrCaleb DrCaleb:
I'd argue the victims were already fucked. Only the ransomers got fucked this time too.
Except they removed the possibility of unfucking themselves.

Also that's a really fun line of sentences we just created.


That was pretty lyrical, wasn't it. ;)

Tricks Tricks:
Right, but that was patched in March by Microsoft in MS17-010. Literally anyone running that patch should not be affected. You can also block port 445 (which should be done any ways) or like bartman said earlier, disable SMBv1. None of the above was done.

...

I agree 100%, people are morons and will break things given the chance, but that's why if companies enact proper compliance policies they get hit way less, and way less harder.


Which is why I think the victims were already fucked. If you are putting unneeded ports open on the internet, if you are running unpatched servers on the internet, if you are running publicly facing servers on your internal network - you are fucked! If you are not running EMET on your public facing servers to limit any potential damage, you fucked yourself.

You fucked yourself by ignoring 30+ years of computer security. Maybe a few companies need to be bankrupted by losing all their data for the remaining companies to pay attention. :idea:

Tricks Tricks:
DrCaleb DrCaleb:
Same needs to be taught about the internet. And perhaps a few people need to lose all the selfies they took in order to learn that lesson. It's inconvenient. But having hospitals knocked offline by ransomware crosses the line from inconvenient to life threatening.

I've said it before, the best anti-virus is common sense. Don't click on fucking everything and chances are you won't get broken.


The best anti-phishing tool is people talking around the water cooler how Bob in Accounting got fired for swallowing multiple baited hooks, and how his employment isn't worth the cost of fixing his mistakes.

I've seen some well crafted phishing emails that looked exactly like they were sent from our Deputy Minister. The only thing that stopped me from clicking on the attachment was that the subject was poorly worded, like it was from someone who didn't understand the subject; and the attachment didn't interest me and seemed to not follow the subject of the email. It was the former that caused me to suspect the email, and we quickly contained the threat.

It will take a lot of work to get the regular user to my level of paranoia. You'll get here eventually, if you stay in the business long enough. ;)

   



Tricks @ Wed Jun 28, 2017 12:26 pm

DrCaleb DrCaleb:
Which is why I think the victims were already fucked. If you are putting unneeded ports open on the internet, if you are running unpatched servers on the internet, if you are running publicly facing servers on your internal network - you are fucked! If you are not running EMET on your public facing servers to limit any potential damage, you fucked yourself.

You fucked yourself by ignoring 30+ years of computer security. Maybe a few companies need to be bankrupted by losing all their data for the remaining companies to pay attention. :idea:
Couldn't agree more. Hence why I don't have a lot of sympathy, they brought this on themselves by failing to protect their shit. Especially after this happened a month and a half ago. I'm by no means a security expert, but within 2 semesters of this program, I look at virtually every company I've ever worked for and just go "holy shit do they play with fire".


Tricks Tricks:
The best anti-phishing tool is people talking around the water cooler how Bob in Accounting got fired for swallowing multiple baited hooks, and how his employment isn't worth the cost of fixing his mistakes.

I've seen some well crafted phishing emails that looked exactly like they were sent from our Deputy Minister. The only thing that stopped me from clicking on the attachment was that the subject was poorly worded, like it was from someone who didn't understand the subject; and the attachment didn't interest me and seemed to not follow the subject of the email. It was the former that cause me to suspect the email, and we quickly contained the threat.
I read about a spam email sent from a contractor for the DoD. I think Krebs did a bit on it; it was hilarious, the spammer obviously had no idea whose credentials he had managed to get.

Quote:
It will take a lot of work to get the regular user to my level of paranoia. You'll get here eventually, if you stay in the business long enough. ;)

I'm arguably at that point in that I don't open an email from someone I don't know. If I do know them and I open it and it isn't something I recognize ever talking to them about, or doesn't follow their typical email style, I ignore it unless they ask me about it :lol:

   



DrCaleb @ Thu Jun 29, 2017 6:25 am

Tricks Tricks:
I'm arguably at that point in that I don't open an email from someone I don't know. If I do know them and I open it and it isn't something I recognize ever talking to them about, or doesn't follow their typical email style, I ignore it unless they ask me about it :lol:


I use Thunderbird in text mode for email. No HTML, no scripting. And I don't open attachments.

   



DrCaleb @ Thu Jun 29, 2017 6:28 am

And it looks like Petya was not ransomware, but destroyed data with no hope of recovery.

Quote:
Tuesday's massive outbreak of malware that shut down computers around the world has been almost universally blamed on ransomware, which by definition seeks to make money by unlocking data held hostage only if victims pay a hefty fee. Now, some researchers are drawing an even bleaker assessment—that the malware was a wiper with the objective of permanently destroying data.


https://arstechnica.com/security/2017/0 ... ansomware/

It also looks like it was a targeted attack on Ukraine.

Quote:
It leads to an uncomfortable question: what if money wasn’t the point? What if the attackers just wanted to cause damage to Ukraine? It’s not the first time the country has come under cyberattack. (These attacks have typically been attributed to Russia.) But it would be the first time such an attack has come in the guise of ransomware, and has spilled over so heavily onto other countries and corporations.


https://www.theverge.com/2017/6/28/1588 ... ine-russia

   


